Skip to content

WS-2449: Use cookie auth for UAS instead of Authorization header#13876

Merged
elvinasv merged 5 commits intolatestfrom
ws-2449-use-cookie-auth-for-uas-requests
Apr 8, 2026
Merged

WS-2449: Use cookie auth for UAS instead of Authorization header#13876
elvinasv merged 5 commits intolatestfrom
ws-2449-use-cookie-auth-for-uas-requests

Conversation

@elvinasv
Copy link
Copy Markdown
Member

@elvinasv elvinasv commented Apr 3, 2026
edited
Loading

Resolves JIRA: https://bbc.atlassian.net/browse/WS-2449

Summary

  • Use cookie based auth (where ckns_atkn is attacked to the request) instead of authorization header

Testing

Local testing instruction:

  1. Get ckns_id and ckns_atkn cookies from https://www.test.bbc.com/news
  2. Set Response Header Access-Control-Allow-Origin to http://localhost:7081
  3. Save for later button should be visible
Screenshot 2026-04-07 at 16 19 24

Useful Links

@elvinasv elvinasv marked this pull request as ready for review April 3, 2026 12:28
Copilot AI review requested due to automatic review settings April 3, 2026 12:28
@elvinasv elvinasv self-assigned this Apr 3, 2026
Copilot AI reviewed Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the UAS client authentication approach to rely on cookie-based auth rather than sending an Authorization bearer token header.

Changes:

  • Removes reading ckns_atkn from js-cookie and stops constructing Authorization / X-Authentication-Provider headers.
  • Keeps X-API-Key header generation and tightens the missing-config error to only cover the API key.

Comment thread src/app/lib/uasApi/getAuthHeaders.ts
Comment thread src/app/lib/uasApi/getAuthHeaders.ts Outdated
Comment thread src/app/lib/uasApi/getAuthHeaders.ts
amoore108
amoore108 reviewed Apr 7, 2026
View reviewed changes
Comment thread src/app/lib/uasApi/getAuthHeaders.ts Outdated
@elvinasv elvinasv merged commit 51f1025 into latest Apr 8, 2026
13 checks passed
@amoore108 amoore108 deleted the ws-2449-use-cookie-auth-for-uas-requests branch April 14, 2026 15:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@amoore108 amoore108 amoore108 approved these changes

@Louis-Matsika Louis-Matsika Louis-Matsika approved these changes

Assignees

@elvinasv elvinasv

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@elvinasv @amoore108 @Louis-Matsika